Embed Size (px)
Citation preview
Fiscal Year 2017
Work Plan
Table of Contents
Message from the Inspector General .............................................................. 3
National Archives and Records Administration ............................................. 4
Office of Inspector General ............................................................................ 4
OIG Organizational Chart ............................................................................... 5
Audits .............................................................................................................. 6
Investigations ................................................................................................ 10
Special Projects and Other Work Assignments ............................................ 11
Professional Commitments ........................................................................... 13
3
Message from the Inspector General
I am pleased to present the National Archives and Records Administration (NARA) Office of
Inspector General (OIG) Fiscal Year (FY) 2017 Annual Work Plan. This document outlines a
plan for how the OIG intends to achieve its mission in FY 2017. The OIG helps NARA carry
out its responsibilities by promoting economy, efficiency, and effectiveness in the administration
of its programs and operations, while at the same time working to prevent and detect fraud,
waste, and abuse.
In FY 2016 the OIG completed audits on the agency’s FY 2015 Financial Statements,
compliance with FISMA, publicly-accessible websites, refile processes at selected Federal
records centers, the preparation and planning for the receipt of President Obama’s
administration’s records and artifacts, and others. The audit program yielded over 100
recommendations to improve NARA’s operations. The Investigative program accomplished
much of the work planned for FY 2016. In FY 2016 the Office of Investigations (OI) evaluated
nearly 500 complaints to our hotline and intake function resulting in opening 25 investigations,
51 preliminary inquiries, and 113 referrals. Our investigative work products resulted in 33
personnel actions taken by NARA including 5 removals, 4 resignations, and 2 suspensions.
We prepared this Work Plan with the agency’s mission in mind. Our planning efforts included
direct outreach and solicitation of topics and assignment suggestions from NARA’s leadership,
external stakeholders, and our staff. This plan reflects priority work we believe is necessary to
provide effective oversight of the broad spectrum of NARA’s programs and operations. It
reflects our demonstrated, ongoing commitment to provide high-quality oversight and service to
our stakeholders while helping NARA meet its strategic mission and objectives.
Overall, this plan is a projection of what we would like to accomplish in FY 2017. It is
ambitious, and we realize it may not be fully completed or may be modified. Further, it should
not be viewed as limiting our office to these specific topics, as other issues may certainly rise in
importance and require our resources.
I wish to thank each member of NARA’s leadership, as well as external stakeholders and our
staff for their direct participation in this process. I look forward to a successful year of providing
high-quality audit, investigative, and other services to NARA and our stakeholders.
James Springs
Inspector General
4
National Archives and Records Administration
NARA strives to drive openness, cultivate public participation, and strengthen the nation’s
democracy through public access to high-value government records. NARA’s mission is to
provide public access to Federal Government records in its custody and control. Public access to
government records strengthens democracy by allowing Americans to claim their rights of
citizenship, hold their government accountable, and understand their history so they can
participate more effectively in their government.
Office of Inspector General
The IG Act states the Inspector General is responsible for conducting and supervising audits and
investigations, and making any reports relating to NARA’s programs and operations which the
IG deems necessary or desirable. The IG is charged with detecting and preventing fraud, waste,
mismanagement, and abuse of agency programs and operations; while providing leadership and
coordination. The office recommends policies designed to promote economy, efficiency, and
effectiveness of the agency. Unique in the Federal system, the IG is required to keep both the
Archivist and Congress fully and currently informed about fraud and other serious problems,
abuses, and deficiencies relating to NARA’s programs and operations.
OIG Mission
The OIG serves the American citizen by improving the effectiveness, efficiency, and economy of
NARA programs and operations. We strive to detect and prevent fraud and abuse in NARA
programs, and ensure proper stewardship over Federal funds. We accomplish this by providing
high-quality, objective audits, investigations, and other activities serving as an independent,
internal advocate. Unique to our mission among other OIGs is our duty to ensure NARA
protects and preserves the items belonging in our holdings, while safely providing the American
people with the opportunity to discover, use, and learn from our documentary heritage.
5
OIG Organizational Chart
Inspector General
James Springs
Assistant Inspector General for Audits
Jewel Butler
Financial Auditor
IT Auditors (4)
Program Auditors (3)
Assistant Inspector General for
Investigations
Jason Metrick
Supervisory Special Agent
Program Analyst
Criminal Investigators (4)
Administrative Officer
Angela Smith
Counsel to Inspector General
John Simms
6
Audits
The OIG’s Office of Audits conducts and coordinates audits and other reports of NARA’s
programs, operations and activities. Our auditors examine the management and financial
operations of the agency, including its field offices; the economy and efficiency with which
agency operations are managed and the program results achieved; program effectiveness; and
compliance with laws, regulations, and internal policies in carrying out programs. Audits are
prepared in accordance with generally accepted government auditing standards promulgated by
the General Accountability Office and vary in scope and complexity.
FY 2016 Carry Over Audits
The Office of Audits substantially completed the work planned for FY 2016. Some of the
assignments span FY 2016 and FY 2017 and are in process, many near finalization. These
include:
Information Technology (IT) Audits
Audit of the Electronic Records Archives System
Audit of NARA’s Management Controls over Microsoft Access Databases
Audit of NARA’s Adoption and Management of Cloud Computing Activities
Audit of NARA’s Information System Inventory
Program Audits
Audit of NARA’s Compliance with HSPD-12 Policy for a Common Identification
Audit of NARA’s Freedom of Information Act Process
Audit of NARA’s Procurement Program
Enterprise-Wide Risk Assessment Audit of NARA’s Internal Controls
NARA’s Compliance with the Federal Managers’ Financial Integrity Act for FY15
7
FY 2017 Planned Audits
The following audits and reviews are planned for FY 2017.
Financial Audit
Consolidated Audit of NARA’s Financial Statements
Objective: To render an opinion on whether NARA’s consolidated financial statements are
presented fairly in all material respects. The contractor will issue reports on its conclusion
based on the testing of internal controls and compliance with laws and regulations.
Regulatory Audits, Compliance, and Other Reviews
Audit of NARA’s Compliance with Improper Payments Elimination and Recovery Act (IPERA)
Objective: To determine NARA’s compliance with IPERA.
Audit of NARA’s Travel and Purchase Card Programs
Objective: To determine whether NARA’s oversight of the purchase and travel card program
is effective.
Evaluation of NARA’s Compliance with the Federal Information Security Modernization Act
(FISMA) 2002
Objective: To assess the adequacy of controls over information security and compliance
with information security policies, procedures, standards, and guidelines. The project will
include tests of the effectiveness of information security control techniques.
NARA’s Compliance with the Digital Accountability and Transparency (DATA) Act
Objective: To review and assess a sampling of spending data submitted under the DATA
Act to assess the completeness, timeliness, utility, and accuracy of the data.
CIGIE’s Cross-Cutting Purchase Card Project
Objective: The OIG will participate in a CIGIE cross-cutting project on purchase cards led
by USDA OIG. The first phase will be an analysis of data through the same, defined set of
criteria, using Excel (in a layout provided by USDA OIG) as the data analytics tool. The
second phase will be a review of a statistical sample of the anomalies identified in phase 1.
8
Information Technology (IT) Audits
Audit of NARA’s Legacy IT Systems
Objective: To determine whether NARA is effectively analyzing and managing operations
and maintenance of legacy IT systems.
Audit of NARA’s Software License Management
Objective: To determine whether NARA is adequately managing software licenses.
Audit of Select NARA IT Contracts for Provisioned IT Services
Objective: To review select IT contracts to determine whether NARA is acquiring IT
services in a way which promotes effective service agreements and monitoring according to
applicable laws, regulations, and guidance, such as NIST SP 800-35, the Federal Acquisition
Regulation, and CIO/CAOC Best Practices for Acquiring IT as a Service.
Network Discovery and Assessment
Objective: To assess NARA’s current and planned network architecture and design and
provide recommendations to improve performance, security, and efficiency of the network.
Program Audits
Audit of NARA’s Accounting for Scheduled Records
Objective: To evaluate NARA’s processes for accounting for historically significant records
scheduled to accession into the agency.
Audit of NARA’s Continuity of Operations Plan (COOP)
Objective: To determine whether NARA’s COOP is adequate, and planning and testing
efforts are efficient and effective to appropriately prepare NARA employees to address
emergency situations.
Audit of NARA’s Grant Oversight and Select Grantees Use of Grant Funds
Objective: To determine whether grant funds are being expended in accordance with grant
goals and objectives. Specifically, we will determine whether grant funds can be properly
accounted for, and assess the allowability of grant expenditures. Additionally, we will
review the National Historical Publications and Records Commission’s internal controls to
determine whether they are adequate to properly account for and manage grant funds.
Audit of NARA’s Holdings Protection Program
Objective: To evaluate and assess the effectiveness of NARA’s Holdings Protection
Program and determine if NARA has adequate controls in place to effectively secure
holdings within NARA facilities.
9
Audit of NARA’s Human Capital Operations
Objective: To determine whether NARA’s human capital practices are operating efficiently
and effectively.
Audit of NARA’s Online Access to Digitized Holdings
Objective: To evaluate NARA’s controls in place to achieve its Strategic Goal of “Make
Access Happen” by providing online access to its digitized holdings through the National
Archives Catalog.
Audit of NARA’s Oversight of Electronic Records Management in the Federal Government
Objective: To determine whether weaknesses identified in the Audit of NARA’s Oversight
of Electronic Records Management in the Federal Government (OIG Audit Report 10-04,
dated April 2, 2010) still exist and program/internal controls are adequate to meet the mission
of electronic records management.
Audit of NARA Preservation Program
Objective: To determine whether weaknesses identified in the Audit of NARA’s
Preservation Program (OIG Audit Report 13-08, dated July 9, 2013) still exist and
program/internal controls are adequate to meet the mission of preserving Federal records.
Audit of NARA’s Processing of Textual Records
Objective: To determine whether weaknesses identified in the Audit of NARA’s Processing
of Textual Records (OIG Audit Report 13-04, dated September 18, 2013) still exist and
program/internal controls are adequate to meet the mission of processing textual records.
Audit of NARA’s Records Scheduling Process
Objective: To determine NARA’s processes for the development, review, and approval of
Federal records schedules.
Audit of the Office of the Federal Register’s Administration of the Electoral College Process
Objective: To determine whether the Office of the Federal Register implemented proper
controls for the administration of the Electoral College process, including properly
maintaining records from the process.
10
Investigations
The OIG’s Office of Investigations (OI) adds value to the agency’s programs and operations by
identifying and investigating fraud, waste, abuse, and misconduct leading to criminal, civil,
administrative, and other remedies. The OIG’s investigative program also provides initiatives
designed to monitor high-risk areas within NARA’s programs and operations in order to identify
vulnerabilities to identify fraud, waste, and abuse.
The following activities are planned for FY 2017 in the OI.
Investigations
The OI routinely conducts all types of investigations. These efforts typically originate as
a result of a complaint or allegation made to our Hotline and Intake program.
Investigations, referrals and inquiries emerge based on varying OIG criteria.
Investigations revealing violations of law, regulations, rules, or contract terms may result
in administrative, civil or criminal actions.
Hotline Program
The OI runs a nationwide hotline program allowing individuals to report all suspicious
activities or complaints through our website, phone number, email, or mail box. All
intakes are reviewed, and when warranted, we will do additional investigative work or
refer the intake to another entity to address the issue.
OIG National Outreach Program
The OI will continue to raise OIG awareness by reaching out to both internal NARA
employees and external sources to provide education on the OIG mission, including our
roles and responsibilities. These efforts are aimed at driving the reporting of criminal,
civil, and administrative misconduct to our Hotline function expanding investigative
caseloads. The OI will also review and revise the OIG’s public website, brochures, and
fraud posters.
Assessing NARA Programs, Policy, and Procedures
The OI will continue to proactively assess various components of NARA programs,
policy, and procedures to identify areas that are susceptible to fraud, waste, abuse, and
misconduct. In FY 2017, the OI will focus on NARA contracting and procurement,
information technology, and security.
Internal Reviews of OI Policy, Procedures, Accountable Property, and Annual Training
The OI will conduct periodic reviews of its internal Special Agent Handbook and policies
to revise and update areas of concern based upon any legal updates or issues identified by
our internal reviews. The OI review team will also annually conduct reviews of
11
accountable property, evidence, and other material to identify and resolve any issues
identified.
Special Projects and Other Work Assignments
An important goal of the OIG is to add value to the agency and the oversight community. This
year, NARA’s OIG will continue to complete special projects and other work assignments that
benefit the agency and the oversight community as a whole. The following special projects/other
work assignments are planned for FY 2017. Additional special projects and work assignments
may be undertaken during FY 2017 based on available resources.
On-Going Audit Follow-up
An important responsibility of the OIG is to follow-up on previously issued audit reports
with outstanding audit recommendations. Over the years, there have been significant
numbers of outstanding audit recommendations. The OIG, in concert with the agency,
has implemented an improved audit recommendation and follow-up process to ensure
audit recommendations are closed in a timely manner.
Management Letters
Whenever an issue arises that must be communicated to the agency before an audit or
investigation is completed, does not warrant a full audit or investigation, or it is otherwise
appropriate, the OIG will issue a management letter to the agency. This letter will
explain the issue and may or may not have suggestions for correcting it.
Management Challenges
The OIG reports annually on the important new and existing issues and challenges facing
the agency, and on efforts by the agency to meet these challenges.
Peer Review
The Council of the Inspectors General on Integrity and Efficiency (CIGIE) Peer Review
Committee schedules external quality control reviews, or peer reviews, of OIG audit and
investigative functions every three years. In FY 2017, the Office of Audits is scheduled
to be peer reviewed by the National Labor Relations Board for the three-year period
ending September 30, 2016. The Office of Investigations will be reviewed in FY 2018.
CIGIE Training Institute
The NARA OIG has an active role in helping develop the IG community. OIG staff will
assist the CIGIE Training Institute by serving as instructors for courses to the community
on various topics.
Whistleblower Protection Ombudsman
12
The IG has designated a Whistleblower Protection Ombudsman. The Ombudsman will
run a program providing training and information to potential whistleblowers on various
rules and protections available.
Responses to Standing Congressional Requests
There are standing requests from the Chairmen of the Senate Committee on Homeland
Security and Governmental Affairs, the Senate Committee on the Judiciary, and the
House Committee on Oversight and Government Reform for various items of
information from the OIG. These generally include information on reports on audits,
evaluations, and investigations conducted by the OIG; whether the OIG has been
provided with access to all information needed to accomplish its duties and
responsibilities; and unimplemented audit recommendations.
Keeping Congress Fully and Currently Informed
The IG Act requires the IG to keep Congress fully and currently informed on various
topics. Aside from our semiannual reporting, the OIG also briefs Congressional staff on
topics of particular interest. Throughout the year the OIG also responds to individual
requests from Members and Committees on a very wide variety of topics.
Non-audit Services
In very limited circumstances, OIG audit staff may perform non-audit services in
accordance with GAGAS. Such work does not usually provide a basis for conclusion,
recommendations, or opinions on the information or data. In the case of non-government
auditors who conduct audits under GAGAS, the term non-audit service is typically
synonymous with consulting services.
Transparency and Information Disclosure
The OIG will process all Freedom of Information Act (FOIA) requests for OIG records,
court orders for OIG records, and will post all publicly available reports to the OIG
website.
Legislative Review
The OIG will review proposed legislation to determine potential impact on NARA’s
programs and operations and provide feedback to the appropriate parties as necessary.
The OIG will also review various proposed testimony to Congress, OMB regulations, and
others.
Review NARA Regulations and Directives
The OIG will review proposed NARA regulations and directives to determine the impact
on NARA and OIG operations, and provide feedback to the agency as necessary.
13
Professional Commitments
In addition to the OIG’s audit and investigative responsibilities, the OIG has professional
commitments during FY2017, to include, but are not limited to, the following listed below. The
IG and OIG staff also participates in several Federal Inspectors General community working
groups on topics related to law, audits, and investigations. These additional requirements
positively contribute to the success and mission of the OIG.
Participation and Attendance in Professional Working Groups and Other Meetings
The IG or OIG staff will regularly attend CIGIE professional working group meetings
(Audit Committee, Investigative Committee, Council of Counsels to the Inspector
General, Federal Audit Executive Council, and Financial Statement Audit Network
Group).
Complete Semiannual Reporting
In accordance with the IG Act, the OIG will prepare and transmit to the Congress
semiannual reports on the activities of the OIG. Semiannual reports summarize OIG
activities during the immediately preceding six-month periods ending March 31st and
September 30th of each year.
Professional Development and Training
OIG staff will attend professional training during the FY to maintain and improve their
professional competencies and gain additional knowledge, skills, and abilities on
emerging issues that affect the IG community.
